Posted by timothy on Tuesday September 23, 2008 @11:53AM
from the don't-let-the-door-hit-you-on-the-way-out dept.

alphadogg writes with this excerpt from Network World: "The lifeline linking notorious service provider Intercage to the rest of the Internet has been severed. Intercage, which has also done business under the name Atrivo, was knocked offline late Saturday night when the last upstream provider connecting it to the Internet's backbone, Pacific Internet Exchange, terminated Intercage's service. Intercage president Emil Kacperski said Pacific did not tell him why his company had been knocked offline, but he believes it was in response to pressure from Spamhaus, a volunteer-run antispam group, which has been highly critical of Intercage's business practices."

I for one welcome this chance for other spam vendors to engage in a little competition. It will be a wholly new playing field if/when Intercage re-emerges online, after previously holding a dominant position. Hopefully the free-market nature of Internet business will only encourage the production of more quality spam. The recipients of spam can only benefit from this new development.

I was thinking to myself "God! My EMail account must be in problem, I didn't receive any spam since the weekend", then I got this really great offer, a guy who is going to give me 20% of 5 million US dollars to help him recover a lost bank account. Well that's perfect, I'm the one who's finally gonna be rich!

You're just going to go right ahead and buy penis enlargement pills with the money? You're not going to parlay it into something bigger first? I got an email just this morning informing me that SuperRoyalCasinoOnline.com is offering a 200% bonus on all deposits. That means you can buy three times more penis pills, with the potential for even bigger winnings.

Look, you commie, if we don't pay our CEOs hundreds of millions of dollars, how can we be assured that we're getting the best? Do you know how long it might have taken to rape you all for hundreds of billions of dollars and then stick you with the bill for the rape exam kit if we had to make do with substandard CEOs?

Around two months ago, workers of the company were dismissed. The CEO of the company was reportedly beaten to death by a group of dismissed employees inside the premises after a compromise meeting called failed.

I thought they were pretty much a passive organization that just lists domains and companies that are either irresponsible or actively take part in spam- or malware-related activity. It feels a little disingenuous to claim that they pressured a provider to drop a client.

That's a good point, but when companies like AOL use Spamhaus, it means a huge number of email accounts are going to drop mail from anything in that list immediately.

So while Spamhaus does "passively" list people there, let's not fool ourselves -- when they update that list, they cause people to be blocked. If an entire ISP is blocked from communicating with most email accounts out there, then that ISP is going to feel the pressure.

Spamhaus was not the central issue or cause of the disconnection. If you read the article, you will see that there was a paper that was researched and published with regard to Intercage/Atrivo activities. The fact that I/A ended up on Spamhaus was simply a reflection of their activities. Not the cause of their disconnection. The network operators who each independently made a decision to not accommodate I/A traffic did so based on the merits of their own knowledge, some of which came from that paper and the rest of which came from their own experiences, and a tiny bit coming from Spamhaus which, as noted elsewhere in this thread, has a reputation of its own (good and/or bad).

While they don't do anything active, threatening to add you to their list for being the upstream of someone on their list is a little like saying "hey, nice knees. Shame if something happened to them". Enough people use Spamhaus, directly or indirectly, that being on their list can be equivalent to actively blocking them. It's not exactly a Usenet Death Penalty, but it'll cramp your style.

They list netblocks in a blacklist that other people use to filter, and if an ISP doesn't deal with the issue with that one block, Spamhaus will threaten to expand beyond the block of the individual offender, which might be like a /27, and blacklist the ISP's block, which might be a /18 or something.

If a whole ISP is seen as a habitual offender and providing safe haven to unrepentant spammers, then SpamHaus will work their way upstream.

It's one thing to expand a block if the ISP is letting the offender move around within an expanded block, e.g. 1.2/16 has a customer 1.2.3/24 who asks to move to 1.2.4/24 after being blacklisted.

However, if the real offenders are nicely sequestered in 1.2.3/24 then expanding the blacklist does not cause any more harm to the offenders and just makes people mad at you. It would be like Mexico canceling its extradition treaty with the United States because Texas executed someone after denying them their consu

Actually, no. Only SORBS does that - they're a bloody racketeering operation they are (even if you did nothing wrong, the SORBS admin will only delist you if you donate $50US to "an approved charity").

You're right, it's not fair. The idea is that it's supposed to put pressure on the ISP to kick out the offenders, by making all their other customers complain that they can't deliver mail. If an ISP has 50 angry customers and can make it all go away by getting rid of one customer, then they're apt to do just that.

I disagree even more with blacklisting peering partners. Just because Pacific peers with some other ISP doesn't mean that Pacific should know or care about anything regarding the other ISPs b

It worked the way it was supposed to! This is one reason why some misguided "neutrality" proposals fail -- they would prohibit blocking spammers.

The whole idea is that you're not allowed to host spammers or malware. If you do, your ISP is kicked off. If some ISP provides you with upstream, they are kicked off. Anybody who hosts spammers directly or indirectly is kicked off, taking their customers with it. Not nice to customers, but customers should not sign up with spam-friendly ISPs.

No, it's news.admin.net-abuse.blocklisting anymore (n.a.n-a.email has been bot-spammed to uselessness), and all they'll get there is (their fair share of) jeers and other verbal abuse. At least for about as long as they (Atrivo)'ve been abusing the email system. And those guys (Morley Dotes & Inigo Montoya) will know how long that's been.

Authentication between sender and receiver doesn't belong in the envelope, and you can already do this using GPG or x509 certificates; however, this doesn't help spamming at all because you have to be able to send to people without having to know them first.

Authentication between MTAs is also already possible using SASL; however, again, that doesn't help much because spam often comes via trusted peers, and you can't exclusively only accept mail from peers that you know beforehand (s

I reject email that doesn't have an authenticated HELO or MAIL FROM via SPF or heuristic default policy. While this cuts down on zombie spam, there is still a steady stream of spam from fully authenticated throwaway domains. These are automatically blacklisted after 20 spam, or sooner if I do it manually. But new authenticated spam domains are registered daily (I see at least 6 new ones every day).

So while it is nice that spammers can't abuse someone else's domain to send me spam when email is authenticat

approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or col

Email discussion about this modern version/equivalent of the "Internet Death Penalty" (IDP) has been ongoing in the email list for network operators for the past several days. One side's consensus in this case seems to be "Intercage/Atrivo" has been a problem for years, has never adequately responded to abuse complaints, and is responding with a protestation of innocence that has all the credibility of "The check is in the mail", "I'll only put it in an inch", and "of course I love you".

There is the other side of the story with protestations of innocence. Unfortunately those cries are exactly what any party, guilty or innocent, would make. How to tell the difference?

And what next?

Will more ISP's/Hosters refuse to do business with "questionable" parties? Doesn't seem likely, but we can hope. Will the IDP be used on any other parties? Will there be damage to innocent parties? There are no easy answers or ready solutions for this issue.

Will more ISP's/Hosters refuse to do business with "questionable" parties?

Some parties are always considered questionable, e.g. when they actively disrupt the Net. Those parties have always been cut-off, even in the pre-IP times: a misbehaving USENET host was quickly blacklisted and it had a very hard time to find peers. This is "technical questionability".

Other parties are sometimes considered questionable, e.g. when they provide content that is deemed questionable in some areas and cultures (say, e.g. pr0n). This is "social/cultural questionability".

Cutting someone off because of technical reasons is absolutely justifiable, because not cutting him off would disrupt the system itself. Cutting someone off because of social/cultural reasons is not necessary from a technical point of view, and is open to political debate.

Now, Net Neutrality is essentially a political (and economical) debate, and has nothing to do with the first category (technical constraints). Cutting off Intercage/Atrivo seems to me like belonging to the first category: they were actively disrupting the Net on the technical level, and they had to go. IMHO.

Now, Net Neutrality is essentially a political (and economical) debate, and has nothing to do with the first category (technical constraints). Cutting off Intercage/Atrivo seems to me like belonging to the first category: they were actively disrupting the Net on the technical level, and they had to go. IMHO.

There is no clear dividing line. Spam is largely a social problem with some technical consequences. People don't like receiving spam (social), and the load causes problems for administrators (technical). Same with network neutrality: A few people running BitTorrent can ruin network utility for everybody else on the last mile. It's a technical problem to handle the traffic in a way that society perceives as fair.

There is the other side of the story with protestations of innocence. Unfortunately those cries are exactly what any party, guilty or innocent, would make. How to tell the difference?

Well, there's the 10+ years of evidence of lots of spam and viruses originating from there, spammers continuing to operate after multiple abuse reports were sent in, spammers operating from different IPs in the same range after the owner said he disconnected them, and very little evidence of any legitimate traffic from the same

Comcast does it secretly, Pacific did it publicly (or at least, obviously). Comcast targets a lot of individuals, Pacific cut off a provider who couldn't / wouldn't police their network. Comcast has the public's hate. Pacific is seen as doing the public a favor.

Not saying these are valid reasons, but they are reasons to contemplate. There are probably more that I didn't think of.

In the case of civil torts, like some copyright, spam, and the like: If it's within your country, use the court system. That's what it is there for. If the RIAA knew with a high degree of certainty that I was hosting songs, they could get an injunction against me then get me tossed in jail for contempt if I violated it.

If it's in another country, then you might have to take the law into your own hands. If I'm Comcast and some ISP in another country

Because they've gotten hammered in Nanog over hosting Intercage/Atrivo. And you can say all you want about the Congress-critters and their "regulation" about net neutrality, but unless they want to make their own US-only internet, they're going to have to play by the rules of the big dogs (those who own ASes, many of which aren't in the US). And the big dogs on Nanog aren't happy about it, and last month some threatened BGP-blackholing (therefore completely making them disappear) for their particular ASes.

Ok, for the record I am happy they are offline, but the devil's advocate in me does make me wonder about the impact of this on net-neutrality.
Consider this, a bandwidth provider cuts off certain traffic because it disapproves of this traffic and feels most of it is illegal and it is bad for their business.
Is it Pacific Internet Exchange cutting off access to Intercage because they believe most of the sites (70+ %) involve spam or some other illegal activity?

Pacific Internet Exchange cut off Intercage because Spamhaus listed Intercage, Pacific, and all of Pacific's legit customers if any, so none could send or receive email.

Net neutrality? Nope. Nothing to do with that. If Pacific wanted to stay in business they had to avoid being listed by SBL. Once listed they had to resolve that problem or they would have no legit customers left. So it's pure self interest on the part of Pacific. As it should be.

Intercage has apparently arranged new connectivity, that new ISP will now be listed by SBL and have to get rid of Intercage to avoid it. The circle continues. You cannot cash spammers and miscreant's checks and stay in the ISP business. Not anymore. Those days are over. Hooray for Spamhaus.

You see a difference where I see the biggest similarity in these scenarios. Both Spamhaus and MAFIAA blackmail their victims into doing what they want by threat of financial impact. Comcast being sued by people that control their content is probably a much bigger financial threat than Spamhaus blocking email.

Just to illustrate the point:

PirateBay has apparently arranged new connectivity, that new ISP will now be targeted by MPAA and have to get rid of PirateBay to avoid it. The circle continues. You cannot cash copyright pirate's checks and stay in the ISP business. Not anymore. Those days are over. Hooray for MPAA.

Just to illustrate the point:
PirateBay has apparently arranged new connectivity, that new ISP will now be targeted by MPAA and have to get rid of PirateBay to avoid it. The circle continues. You cannot cash copyright pirate's checks and stay in the ISP business. Not anymore. Those days are over. Hooray for MPAA.

Oh, hardly.

Piratebay clearly doesn't host any copyright materials, their role is the same as google's, that of a search engine. They don't cash any checks. Aren't they all essentially volunte

Piratebay clearly doesn't host any copyright materials, their role is the same as google's, that of a search engine. They don't cash any checks. Aren't they all essentially volunteers?

No, they aren't just like Google, and yes, they do gain financially. Their primary reason for existence is to point to illegal copies of copyrighted works, hence the name "Pirate Bay". They don't try to hide their purpose -- they flaunt it. Google is a generic search engine.

As for money, they are very secretive about their operating costs and revenue. They get money in from advertisements. On a site as big as theirs, do you seriously think they don't come out ahead? Why all the secrecy?

There is a difference between a business deciding it doesn't want one specific customer's business, and Comcast, which in most locations is a government protected monopoly, messing with traffic it pretty much is mandated to carry.

Businesses always have the ability to refuse customers, as long as it doesn't break any laws. And I have seen no suggestion that PIE or anyone else who has refused their business is breaking any laws.

Comcast was not providing what their "contract" said it should, and got caught.

A bit over a week ago Brian Krebs, who writes the "Security Fix" blog in the Washington Post, went public [washingtonpost.com] with a number of allegations about Atrivo and its activities. As a result, many of Atrivo's own upstream connectivity providers disconnected them.

A guy with a ski mask over his head and what appeared to be burglary tools comes to my back door and asks if he can pay me $500 to rent my ladder for a couple of hours. He then offers me another $250 to help me place it against my neighbor's window and quietly go away. No problem, an easy $750 in one night.

The next day, the police are asking about a break-in next door the previous night. I tell them nothing because "I had nothing to do with any burglary".

Spamhaus seems to have a personal vendetta against Intercage even though they have nothing to do with spam.

Okay... so not spam and not illegal. What then? Porn? Why would we hate you for that?

He kinda answered that already...

However I don't do anything that's illegal here (haha you cocksuckers there in the usa).

We all know that blowjobs are not illegal in the US when performed by consenting (human) adults. Depending what kind of person you are his admission could raise further questions, I don't even want to think about it.